From: Scott Garman <scott.a.garman@intel.com>
To: openembedded-core@lists.openembedded.org
Cc: Scott Garman <scott.a.garman@intel.com>
Subject: [PATCH 1/1] shadow-native: fix creation of home directories
Date: Tue, 28 Jun 2011 15:36:18 -0700	[thread overview]
Message-ID: <ef57f9bd8c49d62485143af9010fc8ea482d61e9.1309300395.git.scott.a.garman@intel.com> (raw)
In-Reply-To: <cover.1309300395.git.scott.a.garman@intel.com>
In-Reply-To: <cover.1309300395.git.scott.a.garman@intel.com>

Pseudo was recently changed so that when system() calls are
made after a chroot(), the host binaries can no longer be found,
breaking the system("mkdir -p") approach when useradd creates
home directories.

Instead, use mkdir(2) to create home directories with a helper
function to ensure parent directories get created.

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../shadow/files/add_root_cmd_options.patch        |  125 +++++++++++++++----
 1 files changed, 98 insertions(+), 27 deletions(-)

diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
index db969bb..c5f2bec 100644
--- a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
+++ b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
@@ -27,7 +27,7 @@ Signed-off-by: Scott Garman <scott.a.garman@intel.com>
 
 diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
 --- shadow-4.1.4.3.orig//src/gpasswd.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/gpasswd.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/gpasswd.c	2011-06-28 15:12:03.539504372 -0700
 @@ -63,6 +63,7 @@
   * (/etc/gshadow present) */
  static bool is_shadowgrp;
@@ -146,7 +146,7 @@ diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
  #endif
 diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
 --- shadow-4.1.4.3.orig//src/groupadd.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/groupadd.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/groupadd.c	2011-06-28 15:12:03.539504372 -0700
 @@ -76,6 +76,7 @@
  static gid_t group_id;
  static /*@null@*/char *group_passwd;
@@ -209,7 +209,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
  			break;
 diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
 --- shadow-4.1.4.3.orig//src/groupdel.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/groupdel.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/groupdel.c	2011-06-28 15:12:03.539504372 -0700
 @@ -36,6 +36,7 @@
  
  #include <ctype.h>
@@ -341,7 +341,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
  	{
 diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
 --- shadow-4.1.4.3.orig//src/groupmod.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/groupmod.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/groupmod.c	2011-06-28 15:12:03.539504372 -0700
 @@ -79,6 +79,7 @@
  static char *group_passwd;
  static gid_t group_id;
@@ -402,7 +402,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
  		}
 diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
 --- shadow-4.1.4.3.orig//src/grpconv.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/grpconv.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/grpconv.c	2011-06-28 15:12:03.539504372 -0700
 @@ -39,6 +39,7 @@
  
  #include <errno.h>
@@ -528,7 +528,7 @@ diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
  		         _("%s: cannot lock %s; try again later.\n"),
 diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
 --- shadow-4.1.4.3.orig//src/grpunconv.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/grpunconv.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/grpunconv.c	2011-06-28 15:12:03.539504372 -0700
 @@ -43,6 +43,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -654,7 +654,7 @@ diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
  	}
 diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
 --- shadow-4.1.4.3.orig//src/passwd.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/passwd.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/passwd.c	2011-06-28 15:12:03.539504372 -0700
 @@ -75,6 +75,7 @@
  static char *name;		/* The name of user whose password is being changed */
  static char *myname;		/* The current user's name */
@@ -719,7 +719,7 @@ diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
  				/* only "files" supported for now */
 diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
 --- shadow-4.1.4.3.orig//src/pwconv.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/pwconv.c	2011-05-28 17:09:52.346013331 -0700
++++ shadow-4.1.4.3//src/pwconv.c	2011-06-28 15:12:03.539504372 -0700
 @@ -59,6 +59,7 @@
  
  #include <errno.h>
@@ -848,7 +848,7 @@ diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
  		         _("%s: cannot lock %s; try again later.\n"),
 diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
 --- shadow-4.1.4.3.orig//src/pwunconv.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/pwunconv.c	2011-05-28 17:09:52.356013600 -0700
++++ shadow-4.1.4.3//src/pwunconv.c	2011-06-28 15:12:03.539504372 -0700
 @@ -35,6 +35,7 @@
  #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $"
  
@@ -970,7 +970,7 @@ diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
  		exit (0);
 diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
 --- shadow-4.1.4.3.orig//src/useradd.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/useradd.c	2011-05-28 17:10:25.446909971 -0700
++++ shadow-4.1.4.3//src/useradd.c	2011-06-28 15:12:14.608787030 -0700
 @@ -112,6 +112,7 @@
  #ifdef WITH_SELINUX
  static const char *user_selinux = "";
@@ -1085,26 +1085,97 @@ diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
  			case 'r':
  				rflg = true;
  				break;
-@@ -1748,8 +1808,16 @@
+@@ -1735,6 +1795,36 @@
+ 	}
+ }
+ #endif
++
++/*
++ * mkdir_p - create directories, including parent directories when needed
++ *
++ * similar to mkdir -p
++ */
++void mkdir_p(const char *path) {
++	int len = strlen(path);
++	char newdir[len + 1];
++	mode_t mode = 0755;
++	int i = 0;
++
++	if (path[i] == '\0') {
++		return;
++	}
++
++	/* skip the leading '/' */
++	i++;
++
++	while(path[i] != '\0') {
++		if (path[i] == '/') {
++			strncpy(newdir, path, i);
++			newdir[i] = '\0';
++			mkdir(newdir, mode);
++		}
++		i++;
++	}
++	mkdir(path, mode);
++}
++
+ /*
+  * create_home - create the user's home directory
+  *
+@@ -1748,34 +1838,31 @@
  #ifdef WITH_SELINUX
  		selinux_file_context (user_home);
  #endif
 -		/* XXX - create missing parent directories.  --marekm */
 -		if (mkdir (user_home, 0) != 0) {
-+		/* shell out to invoke mkdir -p 
-+		 * creating a subshell under pseudo's chroot() breaks the jail
-+		 * (bug in pseudo), so make sure we include the full host path
-+		 * to the sysroot when the --root option is in use.
-+		 */
-+		int sysroot_path_len = strlen(newroot);
-+		int home_path_len = strlen(user_home);
-+		char cmd[sysroot_path_len + home_path_len + 10];
-+		sprintf(cmd, "mkdir -p %s%s", newroot, user_home);
-+		if (system (cmd) != 0) {
- 			fprintf (stderr,
- 			         _("%s: cannot create directory %s\n"),
- 			         Prog, user_home);
-@@ -1861,6 +1929,7 @@
+-			fprintf (stderr,
+-			         _("%s: cannot create directory %s\n"),
+-			         Prog, user_home);
+-#ifdef WITH_AUDIT
+-			audit_logger (AUDIT_ADD_USER, Prog,
+-			              "adding home directory",
+-			              user_name, (unsigned int) user_id,
+-			              SHADOW_AUDIT_FAILURE);
+-#endif
+-			fail_exit (E_HOMEDIR);
+-		}
+-		chown (user_home, user_id, user_gid);
+-		chmod (user_home,
+-		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+-		home_added = true;
++		mkdir_p(user_home);
++	}
++	if (access (user_home, F_OK) != 0) {
+ #ifdef WITH_AUDIT
+ 		audit_logger (AUDIT_ADD_USER, Prog,
+ 		              "adding home directory",
+ 		              user_name, (unsigned int) user_id,
+-		              SHADOW_AUDIT_SUCCESS);
++		              SHADOW_AUDIT_FAILURE);
++#endif
++		fail_exit (E_HOMEDIR);
++	}
++	chown (user_home, user_id, user_gid);
++	chmod (user_home,
++	       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
++	home_added = true;
++#ifdef WITH_AUDIT
++	audit_logger (AUDIT_ADD_USER, Prog,
++	              "adding home directory",
++	              user_name, (unsigned int) user_id,
++	              SHADOW_AUDIT_SUCCESS);
+ #endif
+ #ifdef WITH_SELINUX
+-		/* Reset SELinux to create files with default contexts */
+-		setfscreatecon (NULL);
++	/* Reset SELinux to create files with default contexts */
++	setfscreatecon (NULL);
+ #endif
+-	}
+ }
+ 
+ /*
+@@ -1861,6 +1948,7 @@
  	 */
  	user_groups[0] = (char *) 0;
  
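Review bot: In the rewritten `create_home` body, `chown`, `chmod` and `home_added = true` now come after the `}` that closes the block ending in `mkdir_p(user_home);`, so they also run on a path that already existed, and the only gate before them is `access (user_home, F_OK)`, which is satisfied by a regular file or by whatever a symlink points to. The block's opening condition is outside the hunk (presumably the existing `access` test), so this should be confirmed against the full function. `mkdir_p` returns `void` and drops every `mkdir` result, and the `cannot create directory` message was removed, so a failure is silent unless WITH_AUDIT is defined; parents and the home directory are also created 0755 where the old call used mode 0 until ownership was set. I would have `mkdir_p` return an `int` (and be `static`), report the failure, and keep the ownership change inside the creation branch, as sketched below; the `errno` test assumes `<errno.h>` is already included in useradd.c.

```c
static int mkdir_p(const char *path) {
	/* … unchanged: len, newdir buffer, mode, empty-path return (now `return 0;`), leading '/' skip … */
	while (path[i] != '\0') {
		if (path[i] == '/') {
			/* … unchanged: copy the prefix into newdir and terminate it … */
			if (mkdir(newdir, mode) != 0 && errno != EEXIST) {
				return -1;
			}
		}
		i++;
	}
	return mkdir(path, mode);
}

/* … unchanged: create_home opening and SELinux context setup … */
		if (mkdir_p(user_home) != 0) {
			fprintf (stderr,
			         _("%s: cannot create directory %s\n"),
			         Prog, user_home);
			/* … unchanged: audit_logger SHADOW_AUDIT_FAILURE under WITH_AUDIT … */
			fail_exit (E_HOMEDIR);
		}
		/* ownership and mode are changed only on the directory created above */
		chown (user_home, user_id, user_gid);
		chmod (user_home,
		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
		home_added = true;
		/* … unchanged: audit_logger SHADOW_AUDIT_SUCCESS, setfscreatecon reset … */
	}
```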
@@ -1114,7 +1185,7 @@ diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
  #ifdef SHADOWGRP
 diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
 --- shadow-4.1.4.3.orig//src/userdel.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/userdel.c	2011-05-28 17:09:52.356013600 -0700
++++ shadow-4.1.4.3//src/userdel.c	2011-06-28 15:12:03.549503721 -0700
 @@ -79,6 +79,7 @@
  static char *user_name;
  static uid_t user_id;
@@ -1169,7 +1240,7 @@ diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
  				break;
 diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c
 --- shadow-4.1.4.3.orig//src/usermod.c	2011-02-13 09:58:16.000000000 -0800
-+++ shadow-4.1.4.3//src/usermod.c	2011-05-28 17:09:52.356013600 -0700
++++ shadow-4.1.4.3//src/usermod.c	2011-06-28 15:12:03.549503721 -0700
 @@ -110,6 +110,7 @@
  static long user_newinactive;
  static long sys_ngroups;
-- 
1.7.1



